Beispiel #1
 // Password-reset request handler (fragment: the enclosing blocks continue past
 // the end of this excerpt). $pdo, $crypto, $ip and $u_agent are defined outside it.
 // Sanitize post
 $email = filter_var($_POST['email'], FILTER_SANITIZE_EMAIL);
 // Is the submitted address syntactically valid?
 // NOTE(review): validation runs on the raw $_POST['email'], while the lookup and
 // the outgoing mail use the sanitized $email. The two can differ when the raw
 // value contains characters the sanitizer strips, so the validated string is
 // not necessarily the one acted upon. Validate the value that is actually used.
 if (filter_var($_POST['email'], FILTER_VALIDATE_EMAIL)) {
     // Get associated userid (prepared statement, :email is bound, not interpolated)
     $sql = "SELECT userid,username FROM users WHERE email = :email";
     $result = $pdo->prepare($sql);
     $result->execute(array('email' => $email));
     $data = $result->fetch();
     // NOTE(review): PDOStatement::rowCount() is not guaranteed to return the
     // number of rows for a SELECT on every driver; testing $data !== false
     // would not depend on driver behaviour.
     $numrows = $result->rowCount();
     // Check email exists
     // NOTE(review): the mail is only sent for a known address. Confirm the
     // user-facing response is identical for known and unknown addresses,
     // otherwise this form reveals which accounts exist.
     if ($numrows === 1) {
         // Get info to build the URL
         // the key is the encrypted user's mail address
         // so you need to have access to the secretkey and iv in config.php to get the key.
         // NOTE(review): as far as this fragment shows, the key depends only on the
         // email address: no expiry, nonce or per-request state is visible, so the
         // same link may stay valid indefinitely. Confirm the change-pass page
         // enforces expiry and single use.
         $key = $crypto->encrypt($email);
         $protocol = 'https://';
         // NOTE(review): the host part of the emailed link is taken from request
         // data. Depending on web server configuration SERVER_NAME can reflect the
         // client-supplied Host header, and REQUEST_URI is client-controlled;
         // a configured base URL is the safer source for a link sent by mail.
         $reset_url = $_SERVER['SERVER_NAME'] . ':' . $_SERVER['SERVER_PORT'] . $_SERVER['REQUEST_URI'];
         // NOTE(review): $key is appended without urlencode(); whether that is safe
         // depends on the output alphabet of encrypt(), which is not visible here.
         $reset_link = $protocol . str_replace('app/reset', 'change-pass', $reset_url) . '?key=' . $key . '&userid=' . $data['userid'];
         // Send an email with the reset link
         // Create the message
         $footer = "\n\n~~~\nSent from eLabFTW http://www.elabftw.net\n";
         // $u_agent is presumably the client-supplied User-Agent and is placed in the
         // mail body unmodified; confirm the body is sent as plain text.
         $message = Swift_Message::newInstance()->setSubject('[eLabFTW] Password reset for ' . $data['username'])->setFrom(array(get_config('mail_from') => 'eLabFTW'))->setTo(array($email => $data['username']))->setBody(sprintf(_('Hi. Someone (probably you) with the IP address: %s and user agent %s requested a new password on eLabFTW. Please follow this link to reset your password : %s'), $ip, $u_agent, $reset_link) . $footer);
         // generate Swift_Mailer instance
         $mailer = getMailer();
         // now we try to send the email
         try {
             $mailer->send($message);
         } catch (Exception $e) {
             // log the error together with the requesting address
             dblog('Error', $_SERVER['REMOTE_ADDR'], $e->getMessage());
Beispiel #2
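/**
 * Validate POST variables containing login/validation data for the TSP;
 * Substitute missing or rejected values with empty strings (0 for
 * stampshare) and return as array
 *
 * Reads $_POST directly. A value that fails its filter is returned as ''
 * rather than as the boolean false that filter_var() yields on failure.
 *
 * NOTE(review): nothing in this function checks who is submitting the form;
 * confirm the caller restricts it to administrators, since stampcert lets the
 * submitter name a file on the server and stampprovider names a remote URL.
 *
 * @return array keys: stampprovider, stampcert, stampshare, stamplogin, stamppass
 */
function processTimestampPost()
{
    $crypto = new \Elabftw\Elabftw\CryptoWrapper();

    // FILTER_VALIDATE_URL returns false for a rejected value; keep the
    // documented '' fallback instead of leaking false to the caller.
    // NOTE(review): the filter accepts any scheme. If this URL is later
    // fetched by the server, restricting it to http/https is worth adding.
    $stampprovider = '';
    if (isset($_POST['stampprovider'])) {
        $url = filter_var($_POST['stampprovider'], FILTER_VALIDATE_URL);
        if ($url !== false) {
            $stampprovider = $url;
        }
    }

    // The certificate path is accepted either relative to ELAB_ROOT or as a
    // path resolvable on its own. Both candidates must resolve to a readable
    // regular file; a non-string or empty filter result is rejected up front
    // (otherwise ELAB_ROOT itself would satisfy the check).
    // FILTER_SANITIZE_STRING is deprecated as of PHP 8.1.
    // NOTE(review): '..' segments and absolute paths are accepted, so the
    // value can point outside ELAB_ROOT; this appears intentional.
    $stampcert = '';
    if (isset($_POST['stampcert'])) {
        $cert_chain = filter_var($_POST['stampcert'], FILTER_SANITIZE_STRING);
        if (is_string($cert_chain) && $cert_chain !== '') {
            $in_root = realpath(ELAB_ROOT . $cert_chain);
            $standalone = realpath($cert_chain);
            $root_ok = $in_root !== false && is_file($in_root) && is_readable($in_root);
            $standalone_ok = $standalone !== false && is_file($standalone) && is_readable($standalone);
            if ($root_ok || $standalone_ok) {
                $stampcert = $cert_chain;
            }
        }
    }

    // NOTE(review): stampshare is returned exactly as submitted, with no type
    // or range check; confirm the caller constrains it before storing it.
    $stampshare = isset($_POST['stampshare']) ? $_POST['stampshare'] : 0;

    $stamplogin = '';
    if (isset($_POST['stamplogin'])) {
        $login = filter_var($_POST['stamplogin'], FILTER_SANITIZE_STRING);
        if ($login !== false) {
            $stamplogin = $login;
        }
    }

    // The password is only ever returned in encrypted form. An encryption
    // failure is deliberately swallowed and yields '', matching the
    // "missing value" fallback.
    $stamppass = '';
    if (isset($_POST['stamppass'])) {
        try {
            $stamppass = $crypto->encrypt($_POST['stamppass']);
        } catch (Exception $e) {
            $stamppass = '';
        }
    }

    return array('stampprovider' => $stampprovider, 'stampcert' => $stampcert, 'stampshare' => $stampshare, 'stamplogin' => $stamplogin, 'stamppass' => $stamppass);
}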
Beispiel #3
    } else {
        $smtp_encryption = '';
    }
    // Port is kept only when is_pos_int() (defined elsewhere) accepts it;
    // no upper bound is checked in this fragment.
    if (isset($_POST['smtp_port']) && is_pos_int($_POST['smtp_port'])) {
        $smtp_port = $_POST['smtp_port'];
    } else {
        $smtp_port = '';
    }
    // FILTER_SANITIZE_STRING is deprecated as of PHP 8.1; filter_var() returns
    // false (not '') when the filter fails, e.g. for a non-scalar value.
    if (isset($_POST['smtp_username'])) {
        $smtp_username = filter_var($_POST['smtp_username'], FILTER_SANITIZE_STRING);
    } else {
        $smtp_username = '';
    }
    if (isset($_POST['smtp_password'])) {
        // the password is stored encrypted in the database
        // NOTE(review): encrypt() is not wrapped in try/catch here; whether it
        // can throw is not visible in this fragment.
        $smtp_password = $crypto->encrypt($_POST['smtp_password']);
    } else {
        $smtp_password = '';
    }
    // Persist all mail settings in one call; a failed update is reported as error code '9'.
    $updates = array('smtp_address' => $smtp_address, 'smtp_encryption' => $smtp_encryption, 'smtp_port' => $smtp_port, 'smtp_username' => $smtp_username, 'smtp_password' => $smtp_password, 'mail_method' => $mail_method, 'mail_from' => $mail_from, 'sendmail_path' => $sendmail_path);
    if (!update_config($updates)) {
        $errflag = true;
        $error = '9';
    }
}
// END EMAIL
// REDIRECT USER
if ($errflag) {
    // The message contains HTML built from fixed strings plus the internal error code.
    $msg_arr[] = sprintf(_("There was an unexpected problem! Please %sopen an issue on GitHub%s if you think this is a bug.") . "<br>E#" . $error, "<a href='https://github.com/elabftw/elabftw/issues/'>", "</a>");
    $_SESSION['errors'] = $msg_arr;
    // NOTE(review): $tab is set outside this fragment; confirm it is limited to
    // known tab identifiers before it is placed in the Location header, and
    // that the script exits after the redirect.
    header('Location: ../sysconfig.php?tab=' . $tab);